It used to be that Mac computers were immune to the vast majority of
viruses and malware plaguing Windows and other platforms. But as Apple's
products have grown in popularity, hackers and malware developers have increasingly targeted macOS.

The malware, known as XAgent, can be customized into a full backdoor on a Mac, allowing attackers to steal iOS backups stored on the machine, log passwords, and even capture screenshots of the display. The findings come from security firm Bitdefender.

It must be noted that a handful of malicious services are already
linked to APT28, including Sofacy, Sednit, Fancy Bear, and Pawn Storm.
The findings reveal that XAgent's binaries contain a file path very
similar to one found in Komplex, a trojan that piggybacks on Sofacy.
A more recent discovery indicates that the latest Mac malware is being
planted on machines with the help of Komplex.

“For once, there is the presence of similar modules, such as
FileSystem, KeyLogger, and RemoteShell, as well as a similar network
module called HttpChanel,” noted researchers.

Bitdefender has not yet determined how the new malware spreads, as
they're still analyzing XAgent, but we'll make sure to update the
article with further information once it becomes available. For the time
being, be sure to adjust your Gatekeeper settings so that your Mac
cannot download and execute apps from unidentified developers.

Bitdefender said the following in its report: "Our past analysis of
samples known to be linked to APT28 group shows a number of similarities
between the Sofacy/APT28/Sednit Xagent component for Windows/Linux and
the Mac OS binary that currently forms the object of our investigation.
For once, there is the presence of similar modules, such as FileSystem,
KeyLogger, and RemoteShell, as well as a similar network module called
HttpChanel.”
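One defender-side use of these findings, as an added example that is not code from the article or from Bitdefender's report: a string-based triage heuristic that flags a binary when several of the module names the researchers listed co-occur in it. The two-name threshold and the sample bytes are constructed assumptions, and the heuristic only prioritises samples for proper analysis.

```python
"""Added triage heuristic, not Bitdefender's detection logic: pull printable
ASCII strings from a file and look for the module names the researchers
reported as shared between XAgent for Windows/Linux and the Mac sample."""
import re
from typing import Dict, List

# Module names quoted in the Bitdefender report; spelling kept as reported.
XAGENT_MODULE_NAMES = ("FileSystem", "KeyLogger", "RemoteShell", "HttpChanel")

# Printable ASCII runs of at least 6 characters, like a `strings -n 6` pass.
_STRING_RE = re.compile(rb"[\x20-\x7e]{6,}")


def extract_strings(data: bytes) -> List[str]:
    """Return printable ASCII strings of length >= 6 found in raw bytes."""
    return [m.group().decode("ascii") for m in _STRING_RE.finditer(data)]


def triage(data: bytes) -> Dict[str, object]:
    """Score a binary by how many of the reported module names appear.

    Returns the matched names and a flag. This is a weak, string-based
    heuristic: it ranks samples for analysis, it does not confirm XAgent.
    """
    found = set()
    for s in extract_strings(data):
        for name in XAGENT_MODULE_NAMES:
            if name.lower() in s.lower():
                found.add(name)
    matched = sorted(found)
    # Assumed threshold: two or more co-occurring module names is suspicious.
    return {"matched": matched, "suspicious": len(matched) >= 2}


# Constructed sample bytes standing in for a Mach-O binary's string table.
SAMPLE_SUSPICIOUS = (
    b"\xcf\xfa\xed\xfe" + b"\x00" * 16
    + b"__TEXT\x00" + b"HttpChanel::sendRequest\x00"
    + b"KeyLogger.startCapture\x00" + b"RemoteShell\x00"
)
SAMPLE_BENIGN = b"\xcf\xfa\xed\xfe" + b"\x00" * 16 + b"__TEXT\x00" + b"NSFileManager\x00"

if __name__ == "__main__":
    for label, blob in (("suspicious", SAMPLE_SUSPICIOUS), ("benign", SAMPLE_BENIGN)):
        print(label, triage(blob))
```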